Why does this happen?



#1 huyvu90


Posted 25 August 2009 - 01:36 AM

I have a folder on my PC which I'm 100% sure is spyware. For some reason Malwarebytes doesn't detect it when I scan the folder while my PC is booted from UBCD4Win. Instead it only detects it when scanned in normal XP mode. Why?


#2 Blade


Posted 25 August 2009 - 07:18 AM

Scanning with MBAM in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work unless you boot XP normally. Additionally, scanning from a bootable disk or from safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM.

~Blade



#3 huyvu90


Posted 25 August 2009 - 02:51 PM

How exactly does the MBAM driver help in detection?

#4 DaChew


Posted 25 August 2009 - 09:36 PM

MBAM used in portable mode is only supported for corporate use if I am not mistaken.

MBAM is intended to take up where an AV leaves off; it's using a driver loaded in normal mode to catch rootkits and depends upon heuristics for much of its usefulness. Scanning from a second environment pretty much eliminates heuristics.

Its database is extremely small; an AV uses large databases and can detect more types of files.
Chewy

No. Try not. Do... or do not. There is no try.

#5 quietman7


Posted 26 August 2009 - 09:17 AM

When compared to other security tools like Spybot S&D and Ad-Aware, the advantage of MBAM is that it uses a proprietary low level driver (similar to some ARK detectors) to locate hidden files and special techniques which enable it to detect a wide spectrum of threats including active rootkits.

Most anti-rootkit scanners will not work in safe mode because they utilize a driver which is required for the scanning process and that driver will not load in safe mode. Further, there are rootkit variants (haxdoor) that run in safe mode so the usual reason for running a scan in that mode does not apply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
